Course Description

The Certified CISO (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

Candidates who successfully pass the exam will receive their C|CISO certificate and community privileges. Members are expected to adhere to recertification requirements through EC-Council’s Continuing Education Requirements.

The CCISO is for information security executives aspiring to be CISOs through refining their skills and learning to align information security programs with business goals and objectives. This program also encourages existing CISOs to improve their technical and management skills, as well as business procedures.

To be approved to take the CCISO exam without first taking certified training, you will need to show evidence and present verifiers to show that you have 5 years of experience in each of the five CCISO domains. Experience waivers are available for some industry-accepted certifications and higher education. Between certification and training waivers, applicants can only waive 3 years of experience for each domain. If you have taken training, you must show 5 years of experience in 3 of the 5 domains in order to take the CCISO exam.

Applicants found not qualified for the CCISO Exam may choose to take the EC-Council Information Security Manager (EISM) exam instead. The EISM exam is less challenging than the CCISO exam and leads to the EISM certification, which has no experience requirements, but does require that you take CCISO training.

Exam Title: EC-Council Certified CISO
Exam Code: 712-50
Number of Questions: 150
Duration: 2.5 Hours
Availability: ECC Exam Portal
Test Format: Scenario-based Multiple Choice
Passing Score: Please refer to

Instead of iLabs, this program contains “War Games” – more information in the Course Outline section.

Course Outline

Five CCISO domains

  • Governance and Risk Management
  • Information Security Controls, Compliance, & Audit Management
  • Security Program Management & Operations
  • Information Security Core Competencies
  • Strategic Planning, Finance, Procurement, & Vendor Management

New in CCISO v3

  • New sections covering GDPR
  • Enhanced focus on Risk Management frameworks including NIST, TARA, OCTAVE, FAIR, COBIT, and ITIL
  • More emphasis on Vendor Management
  • Deep dive into Contract Management
  • Step-by-step instructions on building and maturing a Security Program
  • A CISO-level view of transformative technologies like Artificial Intelligence, Augmented Reality, Autonomous SOCs, Dynamic Deception, and more!
  • Strategic planning deep dives

Introducing “War Games” in all live classes!

  • CCISO is now an interactive class
  • All instructors lead War Games, which mimic what happens during a breach
  • All aspects of what the student has learned are incorporated into the exercise, reinforcing the content

CCISO Body of Knowledge

The EC-Council CCISO Body of Knowledge covers all five of the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs.
